1. Information We Collect
OTP Val collects and processes the following categories of data:
- Public Game Data: Publicly available VALORANT match data accessed through the Riot Games API and authorized third-party APIs, including match results, agent selections, per-player performance, and competitive rankings. This data is used to compute population-level OTP statistics.
- Opt-In Linked-Account Data: If you choose to link your Riot account via Riot Sign On (RSO), we additionally process your PUUID, Riot ID (game name + tagline), region/shard, OAuth access and refresh tokens issued by Riot, and the match history those tokens entitle us to retrieve. We do not receive your Riot username, password, email, or payment information at any time.
- Aggregated Statistics: Performance metrics (win rates, KDA, ADR, pick rates, OTP rates) computed across the player population. These are de-identified and not tied back to any individual player.
- Usage Data: Standard web-server logs that may include IP addresses, user agent, pages visited, and timestamps, used for operational, security, and abuse-prevention purposes.
2. How We Use Data
Collected data is used exclusively to:
- Generate aggregate statistical analysis about agent and OTP performance
- Provide rank distribution, map, and meta-game insights
- Build and serve the public OTP tracker of users who have opted in via RSO
- Improve the accuracy, coverage, and reliability of our analytics
- Operate, secure, and maintain the Service
We do not sell personal data, share it with data brokers, or use it for any form of profiling beyond computing the gameplay statistics described above. We do not use Riot account data for advertising targeting.
3. Public Player Data (Non Opt-In Users)
For players who have not opted in, we process publicly available match data from VALORANT's queues. Riot IDs may be used internally for data collection and deduplication, but the public-facing Service shows only aggregated, population-level statistics by rank, agent, and map — never a personal tracker, individual match history, or other personally identifiable performance data. Any non-opt-in player may request removal of their Riot ID from our dataset (see Section 9).
4. Riot Sign On (RSO) and Account Linking
The opt-in account-linking feature relies on Riot Sign On, an OAuth 2.0 flow operated by Riot Games. When you choose to link your account:
- You authenticate directly with Riot. Your credentials are entered on Riot's domain. We never see them.
- We receive a limited token + identifiers. Riot returns an access token, refresh token, and your PUUID, Riot ID, and region. We use those to retrieve only the match data covered by the scopes you authorized.
- Linking creates a public tracker. Per Riot Developer Portal Policies, account linking publicly discloses the linked player's account and gameplay data. By linking, you acknowledge and consent to the public display of your Riot ID, region, ranks, and computed OTP statistics on the Service.
- Tokens are stored securely. Access and refresh tokens are stored encrypted at rest, transmitted only over HTTPS/TLS, and used solely to refresh your match data on the Service.
- You can revoke at any time. Use the in-Service account-deletion control or revoke access from your Riot account's connected applications page. Revocation triggers deletion of your stored tokens and public tracker within thirty (30) days, subject to Section 9.
5. Cookies, Local Storage, and Tracking
The Service uses a small number of strictly necessary cookies and/or browser local-storage entries to keep you signed in to your linked account (RSO session) and to remember UI preferences (e.g., selected region, theme). We do not use first-party analytics or advertising cookies.
If advertising is enabled, third-party ad networks (such as Google AdSense) may set their own cookies and similar technologies. These are governed by the respective third-party privacy policies.
6. Data Storage and Security
Match data and linked-account records are stored on server infrastructure operated by or on behalf of the Service. All API access to Riot's services occurs over HTTPS/TLS. OAuth tokens are stored encrypted at rest. API keys are kept server-side and are never exposed in client code. We implement reasonable administrative, technical, and physical safeguards, but no method of electronic storage is 100% secure. We do not store Riot passwords, payment information, government IDs, or other sensitive personal data.
7. Data Retention
- Public match data: Retained indefinitely in aggregate form for historical and longitudinal analysis.
- Linked-account data: Retained for as long as your account remains linked. Upon revocation or account deletion, your OAuth tokens, public tracker, and personally identifying linked-account records are deleted within thirty (30) days. De-identified aggregates already incorporated into population metrics may be retained.
- Server logs: Retained for a limited operational period (typically up to 90 days) and then deleted or anonymized.
8. Third-Party Services
The Service relies on the following third-party services. Each is governed by its own terms and privacy policy:
- Riot Games API and Riot Sign On: For authentication and accessing official VALORANT match data, subject to the Riot Games API Terms and Riot Privacy Notice.
- HenrikDev API: For supplementary VALORANT match data, where used.
- Valorant-API.com: For agent icons and other in-game asset metadata sourced from Riot's published assets.
- Google AdSense: For serving advertisements when enabled.
- Hosting / CDN providers: For application hosting, content delivery, and DDoS protection.
9. Your Rights and Choices
You have the following rights with respect to data the Service holds about you:
- Access: Request a copy of the personal data associated with your Riot ID or linked account.
- Rectification: Request correction of inaccurate data.
- Erasure / Account deletion: Request deletion of your linked tracker and stored authentication tokens. Non-opt-in players may also request removal of their Riot ID from our dataset.
- Withdraw consent: Revoke the Service's RSO authorization at any time, either in-Service or from your Riot account's connected applications page.
- Data portability (EU/EEA/UK): Receive your data in a structured, commonly used format.
- Object / restrict processing (EU/EEA/UK): Object to or restrict certain processing of your personal data.
- Lodge a complaint (EU/EEA/UK): Lodge a complaint with your local data protection authority.
- California residents (CCPA/CPRA): You have the right to know, delete, correct, and limit use of personal information, and the right not to be discriminated against for exercising these rights. We do not sell or share personal information as those terms are defined under the CCPA.
To exercise any of these rights, use the in-Service account control where available, or contact the site operators (see Section 12). We will respond within the timeframes required by applicable law.
10. Children's Privacy
The Service is not directed at children under 13 (or the minimum age of digital consent in your jurisdiction, whichever is higher). We do not knowingly collect personal information from children. If we become aware that we have collected such data, we will take steps to delete it. Account linking is only available to users who meet Riot Games' own age requirements.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be reflected in the "Last updated" date at the top of this page and, where the change affects opted-in users, surfaced in the Service interface. Your continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact
For privacy-related inquiries, data access or deletion requests, RSO revocation help, or questions about this policy, please open an issue on the project's repository or contact the site operators.